3

I'm just wondering if anyone can point me in the right direction for configuring a Pure-FTP daemon on our CentOS Linux server to support FTP over implicit SSL/TLS (over port 990). Btw, I'm pretty good with finding my way around a Linux server, just never dealt with Pure-FTP before.

Thanks, Harry

P.S. I know explicit FTPS is the new standard, however, one of the firewalls in the way seems to mess with explicit FTPS, but leave implicit FTPS connections alone. Since we have no control over the firewall, but have full control over the server, it only makes sense to switch to implicit FTPS to get around this issue.

Castaglia
Harry Muscle

2 Answers

5

Hello for anyone still wondering about this.

Pure-FTPd supports implicit TLS, configurable at compile-time, with the --with-implicittls flag, since version 1.0.24. This turns off the explicit TLS feature, so it's an XOR.

PAStheLoD
1

I am trying to find an answer to the same problem. I notice that this thread was started in 2012 and in 10 years nobody has dared to answer it. Moreover, I googled it and there has been no proper article even after 10 years, which is sad. Even Google pointed me to such an old thread on the first page. So, I think the work-around that I found could be the final answer to this question. However, I will keep searching. I will share the work-around with you in case you are trying to fix the same issue:

  1. Ubuntu: go to the /etc/pure-ftpd/conf directory and change the TLS file to 2 so that only FTP over TLS is allowed and non-encrypted TLS is blocked.

  2. Run this command: echo ",990" > /etc/pure-ftpd/conf/Bind This will create a Bind file that changes the port 21 to 990 for FTP connection for all incoming connections. This will fix the firewall issue.

  3. Run service pure-ftpd-mysql restart to apply the new settings.

Now, test it out on your FTP client such as WinSCP. So, your settings will allow pure-ftp to use explicit encryption on port 990. It is not an ideal solution for implicit encryption but it is a workaround for the firewall problem at your organization.

For CentOS, edit this file: nano /etc/pure-ftpd/pure-ftpd.conf, add TLS 2 in the conf file. Add these 2 lines as well:

TLSCipherSuite HIGH
CertFile /etc/ssl/private/pure-ftpd.pem

Don't forget to issue the certfile. You will find a lot of articles for explicit FTP connection for pure-ftp. You can follow those instructions.

Regards Aditya
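A way to check which mode a control port actually offers after either change above (implicit TLS from a --with-implicittls build, or explicit TLS moved to port 990). This is an added example, not code from either answer; the function names and the host and port passed to probe() are assumptions.

```python
import socket
import ssl

def final_code(reply):
    """Status code of the last line of an FTP reply (handles '220-' multi-line)."""
    lines = [l for l in reply.split(b"\r\n") if l]
    return lines[-1][:3].decode("ascii", "replace") if lines else ""

def classify(banner, auth_reply=b"", tls_banner=b""):
    """Map what the port sent to 'explicit', 'plain', 'implicit' or 'unknown'."""
    if final_code(banner) == "220":          # server spoke first, in cleartext
        return "explicit" if final_code(auth_reply) == "234" else "plain"
    if final_code(tls_banner) == "220":      # banner only arrived inside TLS
        return "implicit"
    return "unknown"

def read_reply(sock):
    """Read until a final reply line ('NNN ' + text), a timeout or a close."""
    data = b""
    try:
        while True:
            chunk = sock.recv(512)
            data += chunk
            tail = data.rstrip(b"\r\n").split(b"\r\n")[-1]
            if not chunk or (data.endswith(b"\n") and tail[3:4] == b" "):
                return data
    except OSError:                          # includes timeouts and TLS errors
        return data

def probe(host, port, timeout=5.0):
    """Connect to an FTP control port and report which TLS mode it offers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        banner = read_reply(sock)
        if final_code(banner) == "220":
            sock.sendall(b"AUTH TLS\r\n")    # explicit FTPS upgrade request
            return classify(banner, read_reply(sock))
    # No cleartext banner: an implicit listener waits for the TLS ClientHello.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False               # mode probe only, not a trust check
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return classify(b"", tls_banner=read_reply(tls))
    except OSError:
        return "unknown"
```

With the Bind workaround, probe() on port 990 is expected to report "explicit"; a listener that stays silent until the TLS handshake completes reports "implicit".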